Office of the Auditor General Calls For Outsourcing Policy For Ferry Online Booking System
The Office of the Auditor General is recommending that the government develop a clear outsourcing policy for the ferry online booking system.
The recommendation is contained in an Information Security Audit Report about the Montserrat Ferry Online Booking Application which was presented to the Legislative Assembly on May 19.
The report suggests that the policy should document the IT functions that can be outsourced and what remains in-house.
It also recommends that all of the roles and responsibilities between the government of Montserrat and future vendors and contractors be identified and defined.
This includes a Service Level Agreement that defines the services the contractor will be expected to accomplish, and the technical parameters for those services, that is, items critical to the GoM.
The report also recommends that the access Division should assess the feasibility of purchasing the software and maintaining it, in-house. Should this option not be accepted by the supplier, then they should request that the software be lodged in an escrow agreement where the source code is stored with an independent third party.
The audit found that there are adequate input and output validation controls in place that ensures the data being input or output is accurate, reliable, and complete when accepted by Montserrat Ferry Booking application, in a timely manner.
The application’s information is also properly protected and secured and there have not been any reports of security related incidents or breaches since its initial debut in 2016.
However, it found that the Office of the Premier’s Access Division does not have a Service Level Agreement or Contract that defines what functions are to be outsourced, what must remain in-house, or the ownership of the application and the stored data.
A press release issued by the OAG states that this is a very high-risk issue should the software vendor fail to maintain the software, goes out of business, or folds, as the Government of Montserrat does not retain business knowledge or ownership of the ferry online booking application and data.